Last Updated on September 24, 2025 by Melissa Lazaro

Document Control Under ISO 15189:2022

Let’s be honest—document control is one of those things every lab says they have under control… until audit day comes around.

In my experience helping labs transition to ISO 15189:2022, this is one of the most common areas where things fall apart. I’ve seen outdated SOPs still in use, two different versions of the same form floating around, and team members unsure which document is the “official” one. And yes—auditors notice this immediately.

Here’s the good news: document control doesn’t have to be complicated. You don’t need expensive software or a massive overhaul to make it work. What you do need is a clear system, real accountability, and a structure that reflects how your lab actually operates.

In this guide, I’ll walk you through exactly how to get your document control system aligned with ISO 15189:2022—without the stress or confusion. Whether you’re building from scratch or cleaning up a messy setup, I’ll share what works, what to avoid, and how to make your system auditor-ready and staff-friendly.

Let’s get started.

What ISO 15189:2022 Says About Document Control

Why This Isn’t Just About Paperwork Anymore

Let’s be real—document control used to be about filing cabinets, version stamps, and maybe a binder with some dusty SOPs. But ISO 15189:2022 changes the game. It’s no longer just about keeping things tidy. It’s about making sure your quality system is active, traceable, and accessible in real time.

In my experience, the biggest difference between a lab that passes an audit and one that struggles comes down to this: they’ve taken document control seriously. And they’ve made it easy for their team to follow.

What the Standard Actually Requires

ISO 15189:2022 lays out a clear expectation—you must control all documents that affect the quality of your services. That means you need to:

• Approve documents before release

• Review and update them regularly

• Identify changes clearly

• Make current versions available where needed

• Prevent the use of obsolete documents

• Maintain records of revisions and approvals

In other words, your lab can’t just say you follow a process—you have to show it, prove it, and track it.

Here’s What I’ve Noticed

A lot of labs think they’re compliant because they’ve got a folder labeled “SOPs” on a shared drive. But when we dig deeper, they can’t tell who last approved those documents, when they were last reviewed, or whether the printed copies in use are even the latest versions. That’s where nonconformities show up.

A Real-World Example

One client I worked with had a beautiful quality manual—but their document control system was a mess. Different departments were using different versions of the same procedure. During their audit, this inconsistency got flagged, and it nearly derailed their accreditation. We fixed it by building a simple digital control system using nothing more than shared folders and a master spreadsheet for tracking revisions, owners, and review dates. Problem solved—no expensive software required.

Establishing a Document Hierarchy That Works

Because Not Every Document Should Carry Equal Weight

Here’s what I’ve noticed: when labs treat every document the same, things get messy fast. Suddenly, a minor cleaning checklist gets the same level of control as your most critical SOP—and no one knows where to find what they need.

That’s why building a clear document hierarchy isn’t just helpful—it’s essential. It gives structure to your system and makes it easier for your team to find, follow, and maintain the documents that matter most.

How to Build Your Hierarchy

Start with four simple categories:

1. Policies
These are your top-level commitments. Think of them as your “what” and “why.” For example: your quality policy, impartiality policy, or data protection policy.

2. Procedures or SOPs
This is the “how.” These documents guide day-to-day lab work, from sample handling to equipment calibration. If it impacts quality or safety, it belongs here.

3. Work Instructions
These are more detailed steps, often tied to a specific task or piece of equipment. For example, how to clean a centrifuge or log temperature checks.

4. Forms and Records
These support your procedures and instructions. Think request forms, result logs, calibration records, etc. They should always reflect current versions.

A Visual Tip That Helps

I usually tell clients to picture their documents in a pyramid. At the top? A few broad policies. In the middle? A core set of procedures. And at the bottom? Dozens (sometimes hundreds) of forms and logs. This visual helps teams understand the relationship between documents—and which ones really drive the system.

Real-World Example

One lab I worked with was struggling with document sprawl. Everyone had their own formats, naming systems, and storage methods. We sat down, mapped out their entire QMS using the pyramid model, standardized naming conventions, and reorganized everything by category. Within a week, their internal audit team could pull any document in under two minutes—and the next ISO audit had zero findings in documentation.

Creating and Approving Documents Effectively

Don’t Just Write It—Make Sure It’s Right

Here’s where a lot of labs run into trouble. Someone writes a procedure because “we need one,” but no one checks if it actually reflects how things are done in the lab. Then come audit day, the team is following one process, and the SOP says something else entirely.

In my experience, the strongest labs write documents that come from the people doing the work—not just for the sake of the standard. They also have a clear process for review and approval that avoids bottlenecks and confusion.

What a Good Document Creation Process Looks Like

1. Drafting
Start with the people who use the process. Technicians, analysts, support staff—whoever knows the workflow best should be involved. That way, your documents reflect real-life practice, not ideal scenarios.

2. Review
Next, someone with a broader view—like a section head or quality manager—reviews the draft to make sure it aligns with the QMS and regulatory requirements.

3. Approval
Finally, a designated approver (often the Lab Director or Quality Manager) signs off on the final version. The approval process should be documented with signatures, dates, and version numbers.

4. Distribution
Once approved, the document is shared with staff in a controlled way—either digitally or in print, but always with access restrictions to prevent unauthorized edits.

Real-World Example

A client of mine in Egypt had a backlog of over 40 SOPs waiting for approval because only the lab director was authorized to sign off. It created weeks of delay. We revised their policy to allow trained section heads to approve documents within their scope, with the QAM providing oversight. Their documentation backlog cleared in less than two weeks—and they stayed compliant.

What I Recommend

Keep a document lifecycle table in your system that tracks:

• Author

• Review date

• Approver

• Effective date

• Next scheduled review

• Linked forms or attachments

Not only does this keep you organized—it gives auditors immediate confidence in your system.

Implementing Version Control and Change Management

Because “Version Final-Final-3” Just Doesn’t Cut It

Let’s be honest—we’ve all seen it. A folder full of documents named things like “Procedure_v2_FINAL”… then “FINAL_FINAL”… then “USE THIS ONE.” It’s confusing, it’s risky, and under ISO 15189:2022, it’s a fast track to a nonconformity.

In my experience, version control is one of the easiest things to set up—but also one of the most commonly ignored. The good news? You don’t need fancy software to get it right. You just need a simple, consistent system.

What ISO 15189:2022 Expects

The standard wants you to:

• Assign a unique identifier and version number to every document

• Keep a clear revision history showing what changed, when, and why

• Ensure only the current version is in use

• Track who approved the change and who it was distributed to

• Maintain a record of obsolete documents, just in case you need to refer back

It’s all about traceability. You need to be able to show how a document evolved—and that staff are using the right one.

Real-World Example

I helped a diagnostics lab in Malaysia that had multiple versions of SOPs being printed and used on the workbench—with no tracking. During an audit, the assessor found two conflicting versions of the same test procedure. That turned into a major nonconformity.

We implemented a simple cloud-based log using Google Sheets. Each row tracked:

• Document name

• Version number

• Change summary

• Date issued

• Approved by

• Link to the file

It cost nothing—but completely cleaned up their documentation chaos.

What Works in Practice

1. Stick to a Naming Convention
Use something like: SOP-LAB-001_v1.0. It’s clean, it’s easy to search, and you’ll know exactly what version you’re looking at.

2. Create a Change Log
At the end of each controlled document—or in a central tracker—include a short section for revision history. Even a few words per update (“Added section on PPE disposal”) makes a big difference.

3. Archive Obsolete Versions
Don’t delete them. Just move them to a read-only “Archive” folder. Clearly label them as superseded to avoid confusion.

Ensuring Accessibility and Security

Because a Document You Can’t Find Might As Well Not Exist

Let’s get real—if your team doesn’t know where to find the current version of a procedure, your entire document control system breaks down. On the flip side, if everyone can edit anything without oversight, that’s just as risky.

In my experience, the sweet spot is balancing easy access for the right people with strong control over edits and approvals. ISO 15189:2022 pushes labs to manage this balance with intention.

What the Standard Is Really Asking For

You need to make sure:

• Authorized personnel have quick access to the latest versions

• Documents are protected against unauthorized changes

• There’s a process to ensure old versions don’t creep back into use

• Sensitive documents (like internal audits or incident reports) are restricted

• There’s a backup and retention plan in place

It’s about keeping your system lean, secure, and user-friendly—especially under pressure.

What I’ve Seen Work (and Not Work)

One lab I supported had a great set of SOPs—but they were all saved in different folders across five departments. No naming consistency, no central access, no controls. We replaced that with a shared drive structured by document type (SOPs, forms, policies) with read-only access for most staff and edit access limited to document owners. It was simple. It worked. And during their next audit? Zero findings.

Compare that to another site where SOPs were handed out as printed copies with handwritten notes on them… and no one knew which version was current. That led to serious corrective actions and a follow-up audit within three months.

Practical Tips That Make a Difference

1. Use Centralized Access (But Lock It Down)
Cloud tools like Google Drive, SharePoint, or a QMS platform work great—as long as you set permissions. Let staff view or download, but restrict edits to document owners.

2. Color Code or Watermark Drafts and Obsolete Versions
This reduces the risk of someone using an outdated form or following a superseded SOP.

3. Post a “What’s New” Bulletin
When you update critical documents, post a simple internal bulletin—or email summary—with what’s changed and why. Staff appreciate it, and it shows auditors you’re proactive.

Training and Compliance Monitoring

A Document Is Only as Good as the People Using It

Here’s something I tell every client: having a perfectly written SOP doesn’t mean much if your staff isn’t following it. And more often than not, nonconformities come down to a simple gap—what’s written on paper isn’t what’s happening in practice.

ISO 15189:2022 takes this seriously. It expects labs not just to document procedures, but to make sure the people using them are trained, confident, and compliant.

What the Standard Looks For

Your lab should be able to show that:

• Staff have been trained on each relevant document

• Training is recorded and traceable

• Staff understand why the procedure matters, not just how to do it

• Internal audits check for real-world compliance, not just paperwork

In other words, ISO 15189 isn’t just about documentation—it’s about performance. You need to bridge the gap between what’s written and what’s done.

What I Recommend to Clients

1. Link Training Directly to Documents
Don’t rely on generic annual training. When you update a procedure, make sure you tag the people affected and schedule a quick refresh session. Even 15 minutes of walkthrough can prevent major mistakes.

2. Keep a Simple Training Matrix
You don’t need an expensive system. Just a spreadsheet showing each employee, the documents they’re trained on, the date of training, and who signed it off. That’s enough to satisfy most auditors—if it’s up to date.

3. Include Document Checks in Internal Audits
Don’t just ask “Are you following the procedure?” Show the auditor that you checked which version staff are using, how they access it, and whether they know what to do if something changes.

Real-World Example

One lab I worked with had excellent procedures—but they weren’t checking whether new hires were trained on them. When we implemented a basic orientation checklist tied to their core SOPs, staff confidence went up, and small process errors dropped by over 40% in three months. It wasn’t a tech solution—it was just consistency.

Pro Tips / Insight Boxes 

Pro Tip: Use a Footer That Does the Heavy Lifting

Every controlled document should have a footer that includes:

• Document title

• Version number

• Approval date

• Page number
  This one detail can eliminate hours of confusion during audits. In my experience, labs that skip this are always scrambling to figure out what version is in circulation.

Insider Insight: Always Field-Test New Procedures

Before approving a new SOP, have someone actually use it. Watch them walk through the steps. If they pause, ask questions, or get confused, the document isn’t ready. I’ve seen “perfect” SOPs get rewritten completely after 10 minutes of real use on the bench.

Expert Advice: Maintain a Master Document Index

One spreadsheet. One tab. Every controlled document listed with:

• Title

• Document code

• Current version

• Last review date

• Responsible owner
  It’s your lab’s single source of truth—and it shows auditors you’re in control.

Implementation Tip: Tag Training to Document Revisions

Every time you revise a critical SOP, log who was retrained and when. It’s a simple checkbox in your training matrix, but it shows you’re not just updating documents—you’re ensuring they’re understood and applied.

Common Mistakes and FAQs 

Common Mistakes Labs Make with Document Control

Treating Document Control Like a One-Time Project
Let’s be real—document control isn’t something you set up once and forget. If your SOPs haven’t been reviewed in two years, that’s a red flag. In my audits, I’ve seen “current” documents that were last updated five versions of the process ago.

Letting Everyone Save Their Own Copies
This one’s risky. If every department saves a version of an SOP on their desktop, someone’s going to be using the wrong one. I’ve seen labs get hit with nonconformities just because a technician was following an old printed copy they thought was still valid.

Not Controlling Forms and Logs
Many labs control their SOPs—but forget about forms. Calibration records, maintenance checklists, request forms—these all need control, too. If the form isn’t versioned or tied to the SOP, it’s incomplete.

Skipping Obsolete Document Management
Deleting outdated documents might seem like housekeeping, but in ISO 15189, it’s a problem. You need to archive them properly. I recommend moving them to a read-only “Obsolete” folder with a clear label: Superseded—Do Not Use.

Frequently Asked Questions

Do we need to control every single document in the lab?
Not every piece of paper—but anything that affects quality, safety, or compliance should be controlled. That includes SOPs, work instructions, forms, policies, and records that support the QMS.

Can we use digital systems like Google Drive or Dropbox?
Yes—as long as you manage permissions, version history, and document approval. The system doesn’t have to be expensive, but it has to be intentional.

How often should we review controlled documents?
At least once a year is a good rule of thumb. But also after any major change—equipment upgrades, regulatory shifts, audit findings, or process improvements.

Document Control Is Simpler When It’s Real

Let’s wrap this up. Document control under ISO 15189:2022 isn’t just about passing an audit—it’s about protecting quality, supporting your staff, and running a lab that doesn’t fall apart when something changes.

In my experience, the labs that do this well don’t chase perfection. They build practical systems that match how they actually work. They involve the right people, keep documents updated and accessible, and use simple tools to stay organized and accountable.

So if your lab’s document control system feels scattered, outdated, or confusing—it’s fixable. And you don’t need to invest in a complex solution. You just need to make intentional decisions, define clear responsibilities, and commit to keeping it alive over time.

Want help making that happen?
Download our free ISO 15189:2022 Document Control Checklist or schedule a consultation to walk through your current system. We’ll help you get it streamlined, compliant, and working for your team—not just your next audit.